
Web Site Security

Hey everyone! A friend of mine has been working on a website that uses databases and utilizes php to access those databases. He recently asked me if I could try to exploit the website in search of vulnerabilities. Chances are there are many, as he is no security expert. I am doing this simply as a favor, and was wondering if anyone was interested in helping me. The objective is NOT to gain unauthorized access to anything, but to show vulnerabilities and fix the code. I personally do not have very much time to look through the website with the current workload of schoolwork. If anyone is interested in helping me, feel free to PM me. Thanks.

hahaha... A good way of testing it for common vulnerabilities might be to use an automated tool such as W3AF. It is integrated in the Samurai live cd. Run a scan against it, and it will look for common XSS and CSRF attacks among others.

"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

Remember that many vulnerabilities in code depend on the server configuration to be exploited (remote file inclusion, etc). Changing from a development to a production environment needs to take these things into account.

There are numerous heuristic XSS and SQL injection attacks that can tell you if something is vulnerable without necessarily being able to exploit it. If you can sneak ' through input sanitization, even though it doesn't accomplish anything on its own, it means you're vulnerable.

I've got some time coming up and I'd be happy to give a once over, although I doubt I am up to Spec's standards.

The login page adds slashes to prevent SQL injection. But there is no use for it. You can completely skip the login and move onto the welcome page. The other scripts don't actually check if you're logged in at all.
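The missing-check pattern described in the post above, shown alongside a fix, as an added example (not the friend's site code or anything posted in the thread). It assumes a PDO connection, a `users` table with `id`, `username` and `password_hash` columns, and that `welcome.php` is one of the scripts that currently renders without any login check; names and paths are placeholders.

```php
<?php
// auth_check.php: required at the top of every script that must sit behind the login.
// This is the part the post says is missing: without it, welcome.php serves anyone.
declare(strict_types=1);

function require_login(string $login_url = '/login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['user_id'])) {
        // Not authenticated: redirect and STOP. Without exit the page body still renders.
        header('Location: ' . $login_url, true, 302);
        exit;
    }
}

// ---- welcome.php (and every other protected script) ----
// require __DIR__ . '/auth_check.php';
// require_login();
// echo 'Welcome, user #' . (int) $_SESSION['user_id'];

// ---- login.php: addslashes() is not a defence, bind the parameter instead ----
// (placeholder DSN/credentials; the real values are assumptions)
function attempt_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);                    // bound parameter, no quoting games
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);                    // fresh id on login (session fixation)
    $_SESSION['user_id'] = (int) $row['id'];        // this is what require_login() checks
    return true;
}

// $pdo = new PDO('mysql:host=localhost;dbname=app', 'app_user', 'app_password',
//     [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
// if (attempt_login($pdo, $_POST['username'] ?? '', $_POST['password'] ?? '')) {
//     header('Location: /welcome.php'); exit;
// }
// http_response_code(401); echo 'Invalid credentials';
```

The point of the first function is that every protected script must call it; a login page that is merely skippable gives no protection, however well it escapes input.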

The really vulnerable stuff was removed. He had other scripts there used to maintain the actual site. Apache and the kernel themselves haven't been touched since '04.

This site looks like it was built by a tea party member... in other words it's epic FAIL.